ZDNET and CNET (Just paraphrasing the ZDNET article) are both reporting that apparently Google's security team have discovered some very critical flaws in the Java Run Time Environment (JRE) that threatens security on pretty much anything that runs Java.

Hmmm, I have my reservations about this claim. Several things just don't sit right with me. For a start, no details what-so-ever about the alleged flaws are mentioned - not even the slightest hint; the whole article is very vague; no one from the "Google security team" is even quoted in the article and most significantly of all, no security alerts from the likes of CERT have been raised. What's more, no one else is reporting about these supposed flaws.

So, do we have a situation here of Google scare-mongering, arrogant Google developers who believe flaws exist, or a very ignorant journalist?

Update: Both articles have now been rewritten and now actually provide details of the flaws and even cite the relevant CERT advisories, and detail that the flaws have actually been fixed. No sign of the original flawed article.